[Bro] Problem with connections in S1 and SF state
sven at dreyer-net.de
Thu Apr 28 06:48:36 PDT 2016
On 27.04.2016 at 16:49, Jan Grashöfer wrote:
> Do both log lines differ only in receiver/originator? If there are
> packets missing in your replayed test it is likely that there is an
> issue with capturing the traffic.
You are right, they only differ in receiver/originator.
Thanks for the hint, but I don't think that packet loss is the problem
here, because conn.log says that bro saw the initial connection setup
(ShA flags in history field). That should be sufficient to tell who's
I also repeated playback several times with different speeds, the result